CVE-2020-8227 — Path Traversal in Desktop

CWE-22 — Path Traversal10 documents6 sources

Severity

6.8MEDIUMNVD

EPSS

0.9%

top 24.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nextcloud Desktop

Timeline

PublishedAug 21

Latest updateMay 24

Description

Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages1 packages

▶NVDnextcloud/desktop< 2.6.5

🔴Vulnerability Details

GHSA

GHSA-64gg-6m36-39px: Missing sanitization of a server response in Nextcloud Desktop Client 2↗2022-05-24

▶

OSV

CVE-2020-8227: Missing sanitization of a server response in Nextcloud Desktop Client 2↗2020-08-21

▶

CVEList

CVE-2020-8227: Missing sanitization of a server response in Nextcloud Desktop Client 2↗2020-08-21

▶

📋Vendor Advisories

Debian

CVE-2020-8227: nextcloud-desktop - Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for ...↗2020

▶

💬Community

Bugzilla

CVE-2020-8227 nextcloud-client: nextcloud: missing sanitization of a server response leads to store files outside of dedicated sync directory [fedora-all]↗2020-08-24

▶

Bugzilla

CVE-2020-8227 nextcloud: missing sanitization of a server response leads to store files outside of dedicated sync directory [fedora-all]↗2020-08-24

▶

Bugzilla

CVE-2020-8227 nextcloud: missing sanitization of a server response leads to store files outside of dedicated sync directory↗2020-08-24

▶

Bugzilla

CVE-2020-8227 nextcloud: missing sanitization of a server response leads to store files outside of dedicated sync directory [epel-7]↗2020-08-24

▶

Bugzilla

CVE-2020-8227 nextcloud-client: nextcloud: missing sanitization of a server response leads to store files outside of dedicated sync directory [epel-7]↗2020-08-24

▶